MANILA - Mobile phone users should remain vigilant as fraudsters move to use QR codes in scamming activities, PLDT Inc and Smart's Cyber Security Operations Group warned on Friday.
The telco said there were customer reports of malicious quick response of QR codes from dubious individuals, emails or messaging platforms.
This activity is called "quishing" or the use of QR codes that when scanned, directs victims to a fake version of legitimate websites to lure them into disclosing sensitive information such as log-in details, PLDT said.
“When victims enter their personal data on the fake website, the hackers will immediately capture them and use the information to take control of their various accounts including their digital wallets,” PLDT and Smart FVP and Chief Information and Security Officer Angel Redoble said.
The use of QR codes has accelerated during the pandemic as it has also been proven to streamline and make payments more convenient.
Even the Bangko Sentral ng Pilipinas has released a standard QR code system called QR PH to promote interoperability in the use of the technology despite users and merchants having accounts in different banks or e-wallets.
Consumers can protect themselves from quishing by observing the following:
- Only scan QR codes from trusted sources or senders
- Before clicking a link, check the destination site. If it seems dubious, do not visit
- Watch out for advertising materials that have been tempered with
Aside from quishing, consumers should still be wary of other types of scam or social engineering that use deception including smishing, or the use of SMS, as well as vishing or the use of voice calls, PLDT said.
“Remember what our parents taught us about not talking to strangers? This remains true to this day, whether you’re interacting in person or on your gadgets,” added Redoble.
PLDT and Smart said they have blocked 203 scam-linked URLs from June 10 to June 26.